In the unfortunate event of a cyberattack or privacy breach, you must report these occurrences to Wellmark Blue Cross and Blue Shield. Learn more about what to report and when you should report these events.
Reporting cyber incidents to Wellmark
In the event of a privacy breach or security incident, you are required to report the event no later than 10 business days following the discovery. You must provide a written report that includes:
- The nature and date of the breach, including the date it was discovered
- The type of protected health information (PHI) that was accessed, used or disclosed and by whom (if known)
- List the steps taken to correct the problem
- Any actions taken to mitigate future cyberattacks
A privacy breach is the inappropriate access, use or disclosure of PHI. You should also keep in mind the HIPPA definition of a breach. A security incident may include:
- Unauthorized access, use, disclosure, modification or destruction of Wellmark’s electronic PHI records OR
- Unauthorized interference with system operations that contain or provide access to Wellmark’s electronic PHI records
If you have any questions or concerns, talk to your authorized Wellmark representative or send an email to CyberResponse@Wellmark.com Send Email.